Uploaded image for project: 'Migration Toolkit for Virtualization'
  1. Migration Toolkit for Virtualization
  2. MTV-495

[RHV] Prevent password to RHVM from being shown in UI and logs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • 2.5.0
    • 2.4.0
    • None
    • None
    • False
    • None
    • False

      Currently, the provider's password can be seen in some error message,  such as the following error that occurred when it failed to connect with provider:

      Connection test, failed: GET failed. caused by: 'Get "https://hosted-engine-x.lab.eng.tlv2.redhat.com/ovirt-engine/sso/oauth/token?grant_type=password&password=xxx&scope=ovirt-app-api&username=admin%40internal": dial tcp 10.x.x.x:443: i/o timeout'

      This error can be seen on Providers page when clicking on the Connection Failed status, and also in the provider's yaml file.
       
      The plain password shouldn't be shown in UI, yaml, or logs.

        1. provider-error.png
          171 kB
          Nisim Simsolo
        2. provider-yaml.png
          195 kB
          Nisim Simsolo

              mnecas@redhat.com Martin Necas
              rhn-support-qiyuan Qin Yuan
              Nisim Simsolo Nisim Simsolo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: